synced/infisical
1
0
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2025-04-14 17:22:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Address greptile suggestions

Browse Source
This commit is contained in:
Tuan Dang
2025-04-10 16:45:24 -07:00
parent 77dd768a38
commit 264177638f
14 changed files with 48 additions and 214 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
backend/src/ee/routes/v1/ssh-host-router.ts
View File

@ -345,7 +345,7 @@ export const registerSshHostRouter = async (server: FastifyZodProvider) => {
schema: {
description: "Issue SSH certificate for host",
params: z.object({
sshHostId: z.string().describe(SSH_HOSTS.DELETE.sshHostId)
sshHostId: z.string().describe(SSH_HOSTS.ISSUE_HOST_CERT.sshHostId)
}),
body: z.object({
publicKey: z.string().describe(SSH_HOSTS.ISSUE_HOST_CERT.publicKey)
@ -430,7 +430,7 @@ export const registerSshHostRouter = async (server: FastifyZodProvider) => {
schema: {
description: "Get public key of the host SSH CA linked to the host",
params: z.object({
sshHostId: z.string().trim().describe(SSH_HOSTS.GET_USER_CA_PUBLIC_KEY.sshHostId)
sshHostId: z.string().trim().describe(SSH_HOSTS.GET_HOST_CA_PUBLIC_KEY.sshHostId)
}),
response: {
200: z.string()

1
backend/src/ee/services/permission/project-permission.ts
View File

@ -71,7 +71,6 @@ export enum ProjectPermissionSshHostActions {
Create = "create",
Edit = "edit",
Delete = "delete",
IssueUserCert = "issue-user-cert",
IssueHostCert = "issue-host-cert"
}

10
backend/src/ee/services/ssh-host/ssh-host-service.ts
View File

@ -214,14 +214,6 @@ export const sshHostServiceFactory = ({
tx
);
await sshHostLoginUserDAL.insertMany(
loginMappings.map(({ loginUser }) => ({
sshHostId: host.id,
loginUser
})),
tx
);
// (dangtony98): room to optimize
for await (const { loginUser, allowedPrincipals } of loginMappings) {
const sshHostLoginUser = await sshHostLoginUserDAL.create(
@ -524,7 +516,7 @@ export const sshHostServiceFactory = ({
await sshCertificateDAL.transaction(async (tx) => {
const cert = await sshCertificateDAL.create(
{
sshCaId: host.hostSshCaId,
sshCaId: host.userSshCaId,
sshHostId: host.id,
serialNumber,
certType: SshCertType.USER,

2
backend/src/ee/services/ssh/ssh-certificate-authority-fns.ts
View File

@ -543,7 +543,7 @@ export const createSshCaHelper = async ({
// use external SSH CA key pair
if (!externalPk || !externalSk) {
throw new BadRequestError({
message: "Public and private keys are required if generateSigningKey is false"
message: "Public and private keys are required when key source is external"
});
}
publicKey = externalPk;

1
backend/src/lib/api-docs/constants.ts
View File

@ -1375,6 +1375,7 @@ export const SSH_HOSTS = {
publicKey: "The public key of the issued SSH certificate."
},
ISSUE_HOST_CERT: {
sshHostId: "The ID of the SSH host to issue the SSH certificate for.",
publicKey: "The SSH public key to issue the SSH certificate for.",
serialNumber: "The serial number of the issued SSH certificate.",
signedKey: "The SSH certificate or signed SSH public key."

2
cli/packages/cmd/ssh.go
View File

@ -827,7 +827,7 @@ func sshAddHost(cmd *cobra.Command, args []string) {
util.PrintErrorMessageAndExit("No supported SSH host public key found at /etc/ssh")
}
if _, err := os.Stat(certOutPath); err == nil && !forceOverwrite && writeHostCertToFile {
if _, err := os.Stat(certOutPath); err == nil && !forceOverwrite {
util.PrintErrorMessageAndExit("File already exists at " + certOutPath + ". Use --force to overwrite.")
}
}

6
docs/documentation/platform/ssh-old.mdx
View File

@ -282,13 +282,13 @@ If the remote host does not have an existing SSH key pair, you can generate a ne
2.2. Create a file containing the certificate in the SSH folder of the remote host; we'll call it `ssh_host_key-cert.pub`.
2.2. Set permissions on the certificate to be `0640`:
2.3. Set permissions on the certificate to be `0640`:
```bash
sudo chmod 0640 /etc/ssh/ssh_host_key-cert.pub
```
2.3. Next, add the following lines to the `/etc/ssh/sshd_config` file on the remote host.
2.4. Next, add the following lines to the `/etc/ssh/sshd_config` file on the remote host.
```bash
HostKey /etc/ssh/ssh_host_rsa_key
@ -299,7 +299,7 @@ If the remote host does not have an existing SSH key pair, you can generate a ne
You should adjust the `HostKey` directive to match the path to the host's SSH private key as used in step 1.
</Note>
2.4. Finally, reload the SSH daemon on the remote host to apply the changes.
2.5. Finally, reload the SSH daemon on the remote host to apply the changes.
```bash
sudo systemctl reload sshd

1
frontend/src/pages/project/RoleDetailsBySlugPage/components/ProjectRoleModifySection.utils.tsx
View File

@ -255,7 +255,6 @@ type TConditionalFields =
| ProjectPermissionSub.SecretFolders
| ProjectPermissionSub.SecretImports
| ProjectPermissionSub.DynamicSecrets
| ProjectPermissionSub.Identity
| ProjectPermissionSub.SshHosts
| ProjectPermissionSub.SecretRotation
| ProjectPermissionSub.Identity;

180
frontend/src/pages/project/RoleDetailsBySlugPage/components/SshPermissionConditions.tsx
View File

@ -1,180 +0,0 @@
import { Controller, useFieldArray, useFormContext } from "react-hook-form";
import { faInfoCircle, faPlus, faTrash, faWarning } from "@fortawesome/free-solid-svg-icons";
import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
import {
Button,
FormControl,
IconButton,
Input,
Select,
SelectItem,
Tooltip
} from "@app/components/v2";
import { PermissionConditionOperators } from "@app/context/ProjectPermissionContext/types";
import {
getConditionOperatorHelperInfo,
renderOperatorSelectItems
} from "./PermissionConditionHelpers";
import { TFormSchema } from "./ProjectRoleModifySection.utils";
type Props = {
position?: number;
isDisabled?: boolean;
};
export const SshPermissionConditions = ({ position = 0, isDisabled }: Props) => {
const {
control,
watch,
setValue,
formState: { errors }
} = useFormContext<TFormSchema>();
const items = useFieldArray({
control,
name: `permissions.secrets.${position}.conditions`
});
const conditionErrorMessage =
errors?.permissions?.secrets?.[position]?.conditions?.message ||
errors?.permissions?.secrets?.[position]?.conditions?.root?.message;
return (
<div className="mt-6 border-t border-t-mineshaft-600 bg-mineshaft-800 pt-2">
<p className="mt-2 text-gray-300">Conditions</p>
<p className="text-sm text-mineshaft-400">
Conditions determine when a policy will be applied (always if no conditions are present).
</p>
<p className="mb-3 text-sm leading-4 text-mineshaft-400">
All conditions must evaluate to true for the policy to take effect.
</p>
<div className="mt-2 flex flex-col space-y-2">
{items.fields.map((el, index) => {
const condition = watch(`permissions.secrets.${position}.conditions.${index}`) as {
lhs: string;
rhs: string;
operator: string;
};
return (
<div
key={el.id}
className="flex gap-2 bg-mineshaft-800 first:rounded-t-md last:rounded-b-md"
>
<div className="w-1/4">
<Controller
control={control}
name={`permissions.secrets.${position}.conditions.${index}.lhs`}
render={({ field, fieldState: { error } }) => (
<FormControl
isError={Boolean(error?.message)}
errorText={error?.message}
className="mb-0"
>
<Select
defaultValue={field.value}
{...field}
onValueChange={(e) => {
setValue(
`permissions.secrets.${position}.conditions.${index}.operator`,
PermissionConditionOperators.$IN as never
);
field.onChange(e);
}}
className="w-full"
>
<SelectItem value="environment">Hostname</SelectItem>
</Select>
</FormControl>
)}
/>
</div>
<div className="flex w-36 items-center space-x-2">
<Controller
control={control}
name={`permissions.secrets.${position}.conditions.${index}.operator`}
render={({ field, fieldState: { error } }) => (
<FormControl
isError={Boolean(error?.message)}
errorText={error?.message}
className="mb-0 flex-grow"
>
<Select
defaultValue={field.value}
{...field}
onValueChange={(e) => field.onChange(e)}
className="w-full"
>
{renderOperatorSelectItems(condition.lhs)}
</Select>
</FormControl>
)}
/>
<div>
<Tooltip
asChild
content={getConditionOperatorHelperInfo(
condition?.operator as PermissionConditionOperators
)}
className="max-w-xs"
>
<FontAwesomeIcon icon={faInfoCircle} size="xs" className="text-gray-400" />
</Tooltip>
</div>
</div>
<div className="flex-grow">
<Controller
control={control}
name={`permissions.secrets.${position}.conditions.${index}.rhs`}
render={({ field, fieldState: { error } }) => (
<FormControl
isError={Boolean(error?.message)}
errorText={error?.message}
className="mb-0 flex-grow"
>
<Input {...field} />
</FormControl>
)}
/>
</div>
<div>
<IconButton
ariaLabel="plus"
variant="outline_bg"
className="p-2.5"
onClick={() => items.remove(index)}
>
<FontAwesomeIcon icon={faTrash} />
</IconButton>
</div>
</div>
);
})}
</div>
{conditionErrorMessage && (
<div className="flex items-center space-x-2 py-2 text-sm text-gray-400">
<FontAwesomeIcon icon={faWarning} className="text-red" />
<span>{conditionErrorMessage}</span>
</div>
)}
<div>
<Button
leftIcon={<FontAwesomeIcon icon={faPlus} />}
variant="star"
size="xs"
className="mt-3"
isDisabled={isDisabled}
onClick={() =>
items.append({
lhs: "environment",
operator: PermissionConditionOperators.$EQ,
rhs: ""
})
}
>
Add Condition
</Button>
</div>
</div>
);
};

2
frontend/src/pages/ssh/SshCasPage/SshCasPage.tsx
View File

@ -10,7 +10,7 @@ export const SshCasPage = () => {
return (
<>
<Helmet>
<title>{t("common.head-title", { title: "Certificates" })}</title>
<title>{t("common.head-title", { title: "SSH" })}</title>
</Helmet>
<div className="h-full bg-bunker-800">
<div className="container mx-auto flex flex-col justify-between bg-bunker-800 text-white">

2
frontend/src/pages/ssh/SshCasPage/components/SshCaModal.tsx
View File

@ -144,7 +144,7 @@ export const SshCaModal = ({ popUp, handlePopUpToggle }: Props) => {
} catch (err) {
console.error(err);
createNotification({
text: "Failed to create SSH CA",
text: `Failed to ${ca ? "update" : "create"} SSH CA`,
type: "error"
});
}

12
frontend/src/pages/ssh/SshCertsPage/components/SshCertificatesSection.tsx
View File

@ -1,15 +1,21 @@
import { faPlus } from "@fortawesome/free-solid-svg-icons";
import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
import { ProjectPermissionCan } from "@app/components/permissions";
import { Button } from "@app/components/v2";
import { ProjectPermissionActions, ProjectPermissionSub } from "@app/context";
import { usePopUp } from "@app/hooks/usePopUp";
import { SshCertificateModal } from "../../SshCaByIDPage/components/SshCertificateModal";
import { SshCertificatesTable } from "./SshCertificatesTable";
export const SshCertificatesSection = () => {
const { popUp, handlePopUpToggle } = usePopUp(["sshCertificate"] as const);
const { popUp, handlePopUpToggle, handlePopUpOpen } = usePopUp(["sshCertificate"] as const);
return (
<div className="rounded-lg border border-mineshaft-600 bg-mineshaft-900 p-4">
<div className="mb-4 flex justify-between">
<p className="text-xl font-semibold text-mineshaft-100">Certificates</p>
{/* <ProjectPermissionCan
<ProjectPermissionCan
I={ProjectPermissionActions.Create}
a={ProjectPermissionSub.SshCertificates}
>
@ -24,7 +30,7 @@ export const SshCertificatesSection = () => {
Request
</Button>
)}
</ProjectPermissionCan> */}
</ProjectPermissionCan>
</div>
<SshCertificatesTable />
<SshCertificateModal popUp={popUp} handlePopUpToggle={handlePopUpToggle} />

6
frontend/src/pages/ssh/SshHostsPage/components/SshHostModal.tsx
View File

@ -152,7 +152,7 @@ export const SshHostModal = ({ popUp, handlePopUpToggle }: Props) => {
} catch (err) {
console.error(err);
createNotification({
text: "Failed to add SSH host",
text: `Failed to ${sshHost ? "update" : "add"} SSH host`,
type: "error"
});
}
@ -206,7 +206,7 @@ export const SshHostModal = ({ popUp, handlePopUpToggle }: Props) => {
errorText={error?.message}
isRequired
>
<Input {...field} placeholder="host.example.com" />
<Input {...field} placeholder="8h" />
</FormControl>
)}
/>
@ -328,7 +328,7 @@ export const SshHostModal = ({ popUp, handlePopUpToggle }: Props) => {
{(value.length === 0 ? [""] : value).map(
(principal: string, principalIndex: number) => (
<div
key={`${metadataFieldId}-principal-${principal}`}
key={`${metadataFieldId}-principal-${principal || principalIndex}`}
className="flex items-center space-x-2"
>
<div className="flex-1">

33
frontend/src/pages/ssh/SshHostsPage/components/SshHostsSection.tsx
View File

@ -1,4 +1,4 @@
import { faPlus } from "@fortawesome/free-solid-svg-icons";
import { faArrowUpRightFromSquare, faPlus } from "@fortawesome/free-solid-svg-icons";
import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
import { createNotification } from "@app/components/notifications";
@ -42,27 +42,44 @@ export const SshHostsSection = () => {
<div className="mb-6 rounded-lg border border-mineshaft-600 bg-mineshaft-900 p-4">
<div className="mb-4 flex justify-between">
<p className="text-xl font-semibold text-mineshaft-100">Hosts</p>
<ProjectPermissionCan I={ProjectPermissionActions.Create} a={ProjectPermissionSub.SshHosts}>
{(isAllowed) =>
isAllowed && (
<div className="flex w-full justify-end">
<a
target="_blank"
rel="noopener noreferrer"
href="https://infisical.com/docs/documentation/platform/ssh"
>
<span className="flex w-max cursor-pointer items-center rounded-md border border-mineshaft-500 bg-mineshaft-600 px-4 py-2 text-mineshaft-200 duration-200 hover:border-primary/40 hover:bg-primary/10 hover:text-white">
Documentation{" "}
<FontAwesomeIcon
icon={faArrowUpRightFromSquare}
className="mb-[0.06rem] ml-1 text-xs"
/>
</span>
</a>
<ProjectPermissionCan
I={ProjectPermissionActions.Create}
a={ProjectPermissionSub.SshHosts}
>
{(isAllowed) => (
<Button
colorSchema="primary"
type="submit"
leftIcon={<FontAwesomeIcon icon={faPlus} />}
onClick={() => handlePopUpOpen("sshHost")}
isDisabled={!isAllowed}
className="ml-4"
>
Add Host
</Button>
)
}
</ProjectPermissionCan>
)}
</ProjectPermissionCan>
</div>
</div>
<SshHostsTable handlePopUpOpen={handlePopUpOpen} />
<SshHostModal popUp={popUp} handlePopUpToggle={handlePopUpToggle} />
<DeleteActionModal
isOpen={popUp.deleteSshHost.isOpen}
title="Are you sure want to remove the SSH host?"
title="Are you sure you want to remove the SSH host?"
onChange={(isOpen) => handlePopUpToggle("deleteSshHost", isOpen)}
deleteKey="confirm"
onDeleteApproved={() =>